Heartbeat to be possibly used as password to access EHRs

Researchers at the institutes of Binghamton University, State University of New York have devised a latest way to secure personal electronic health records (EHRs) by utilizing a patient's own heartbeat. Heartbeat can be possibly used as password to access EHRs.

"The charges and complexity of traditional encryption solutions stop them being straightly applied to telemedicine or mobile healthcare. Those systems are steadily replacing clinic-centered healthcare, and we needed to find a distinctive solution to secure sensitive personal health data with something simple, available and cost-effective," claimed Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. Jin is the co-author of a new paper entitled as "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems."

Traditional security measures--like cryptography or encryption--can be costly, time-consuming, and computing-intensive. Binghamton researchers encrypted patient data by utilizing an individual’s unique electrocardiograph (ECG)--a measurement of the electrical activity of the heart measured by a biosensor attached to the skin--as the key to lock and unlock the files.

"The ECG signal is believed to be one of the most vital and common physiological parameters collected and observed to understand a sufferer’s health," said Jin. "While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records (EHRs), we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be modified while minimum charges will be added."

Essentially, the sufferer’s heartbeat is the password to access EHRs.

The identification scheme is a combination of initial work by Jin using a unique brainprint of person rather than traditional passwords for access to computers and buildings combined with cyber-security work from Guo and Chen. Heartbeat can be possibly used as password to access EHRs.

"This research will be very useful and important for next-generation secure, personalized healthcare," stated Jin.

Since an ECG might change because of age, illness or injury--or a patient might just want to change how their records are accessed--researchers are presently working out ways to incorporate those variables.

Assistant Professor Linke Guo and Associate Professor Yu Chen, along with PhD candidates Pei Huang and Borui Li, are co-authors of the paper.

The research was presented at The IEEE Global Communications Conference (GLOBECOM 2016) in Washington, D.C., in the month of December 2016.\